WVD and SSO with AAD Connect PHS/PTA


Hi Guys,


As far as I know, in order to use SSO in WVD, we must have AD FS.

But what about the topology below, where we use PHS/PTA as the synchronization method in AAD Connect and also connect the WVD pool to the on-premises environment using VPN/ER? Can clients in the on-premises AD SSO to the WVD pool?



5 Replies

To add something, I did some checking on how Seamless SSO works.

My question is whether WVD can be regarded as an app that uses Seamless SSO.



Your client is not connecting to WVD via the internal addresses but via the hosted WVD gateway/brokers of Microsoft. This means your schema is incorrect.

Thanks for your reply @knowlite.
Assuming the WVD pool in my diagram means both the WVD pool and the hosted WVD gateway/brokers, is it possible to enable Seamless SSO?
My main question is whether we can use Seamless SSO (no ADFS) for WVD.

I found a blog saying the below, but it's not from official MS docs, so I am afraid I cannot present this to the customer as evidence.
"8: No Direct SSO using Azure AD Native – If you today are using SAML based SSO with for instance Azure AD or other iDP’s such as if you have end-users on Azure AD joined machines and want to provide SSO directly to a WVD desktop this is not currently possible and it requires that you have configured an ADFS."
From: https://msandbu.org/windows-virtual-desktop-breakdown-of-architecture-and-current-status/

Not sure if anyone can help on this.

The new Remote Desktop app provides SSO once the credentials have been cached, so it's a one-time configuration. Going through RDWEB there is no SSO functionality without ADFS (unfortunately).